We believe in empowering on-demand drivers and couriers. We provide critical information to help increase income and awareness ofLyft and Uber drivers and Instacart shoppers and Postmates, Caviar, Doordash, and Amazon couriers.

New Lyft Phishing Scam Hack and Steal Lyft Driver Earnings

In the few days, I have heard multiple reports of scammers calling Lyft drivers and asking them for their verification code. The scammers pretend to be from Lyft and ask them for their 4 digit code to verify their account or various things about their Lyft profile.

When you log in to your Lyft profile, there are two options. The first one is through Facebook. The second option is to enter in your phone number and it texts you a 4 digit code. It may also ask you for your drivers license number. The scammers is often asking for this 4 digit code, among other information like your drivers license number, in order to get into your account.

In short, don’t give out any personal information over the phone. They may have additional information about you to try to pretend to be from Lyft, including your name, address, or the make of your car.

Lyft’s Warning

Lyft seemed to be aware of the Lyft phishing scam as early as Monday of this week because Lyft sent out a text message and email a few days ago clarifying that Lyft will never call Lyft drivers and ask them for any type of personal information. Almost all communications from Lyft is done by email and would never call anyway, unless you had an issue with one of your trips. They would email you if there was an issue with your driver account.

I never got the text but here is a copy of the email:

The Lyft Phishing Scam

It is not clear how scammers are getting Lyft Driver’s phone numbers. Some Lyft drivers claim that they got a call through their Lyft (Twilio) passenger number, which may lead me to believe that it could be a former passenger who is calling the same number to reach the driver. This way they can be sure it is a Lyft driver and that the call comes from a Lyft number. I have heard of someone requesting Lyfts, cancelling them within a minute, and then proceeding to call the driver right after. This is a free way to troll for Lyft driver’s phone number. I am not sure how long the phone number stays live for after the cancellation or if it stays live after getting a new passenger.

What scammers are doing is asking for the 4 digit code and/or your driver’s license number to log into the Lyft driver’s account, changing the payment information and depositing the earnings into another account. This has happened to a few drivers I know of but many more drivers are starting to get phone calls asking them for their 4 digit code. It seems effect drivers in specific markets. It doesn’t seem to be very widespread, but Lyft has gotten enough complaints that they sent out an email in some cities highlighting the problem.

Status of the Lyft Phishing Scam

It definitely caught a few drivers by surprise and scammed a few drivers earlier this week, but after Lyft sent out the warning via text and email and drivers are posting to various Facebook Groups, more drivers are more aware of the Lyft Phishing scam so it is not as effective as it was a few days ago. There are still a few Lyft drivers who got scammed as recently as yesterday and more Lyft drivers are coming forward reporting weird calls from their Lyft passenger numbers.

I believe that Lyft also added another layer of security by asking you for your driver’s license number in addition to the 4 digit code to prevent the Lyft Phishing scam.

What if You Get a Call

Try to save the phone number they are calling from and any other details about the call. It is not likely that you will get a lot of information from them, but maybe recording the phone number may help Lyft investigate this Lyft Phishing scam.

What if You’re a Victim of Lyft Phishing Scam?

For those Lyft drivers who are victims of this Lyft Phishing scam, contact Lyft immediately. Only a handful of Lyft drivers I’ve heard of had money stolen from them so it is unclear how Lyft is responding to it. Note that there are Lyft drivers who are using this incident to Lyft Phishing scam Lyft by claiming money was stolen from their account. There is no guarantee that Lyft will reimburse drivers who had money stolen until there is a full investigation. I wouldn’t be surprised if Lyft doesn’t reimburse Lyft drivers at all.

How to Protect Yourself from Phishing Scams

Never give out any personal information over the phone. Anyone can call you asking for information. Even if it is a legitimate call, make sure that you find out who is calling, and then find a phone number online to call them back. I always do this when credit card companies call. I usually get a secured message through my email or a generic call to give them a call back. I will then call the number on the back of my credit card or find a phone number from a legitimate website to make sure it is not a scam.

Also, Lyft almost never calls and when they do, it is usually in a response to a support ticket or incident you filed. If you get suspended or deactivated from the Lyft platform, they always do it by email. There was one time I picked up a minor. I cancelled the ride, rated it a 1, and submitted a comment. About two hours later, I got a call from Lyft asking about that specific incident. I thought it was a very prompt reply to my incident. During the call, I was never asked any private information. The agent asked if I was Simon and then asked for some information about the ride and about the situation. The agent never asked for my personal information.

What About Uber?

[Update 3/1/16: there is a new scam targeting drivers. They often ask for your login email and password. Never give them out ever. I mean never. There is 0 reasons why Uber needs your password. They can access your account at any time internally.]

I haven’t heard of any reports about any reports about scammers getting into Uber accounts. There is only one way to get into an Uber Partner account and it is through an email and password. Make sure to use safe passwords on any account and make sure to include numbers and symbols, don’t use a common password with other accounts, and to change them regularly.